Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fQnz-df1nI6nFO_Crofc2-PUt60.roa
File: fQnz-df1nI6nFO_Crofc2-PUt60.roa (raw, json)
Hash identifier: T51g2vI4mIBhWkSSz3KeINMftunME+43YAJfAYa4aK4=
Subject key identifier: 7D:09:F3:F9:D7:F5:9C:8E:A7:14:EF:C2:AE:87:DC:DB:E3:D4:B7:AD
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0186AB95B6271AD0EC7541E4AC7C5EC4EEE6
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fQnz-df1nI6nFO_Crofc2-PUt60.roa
Signing time: Sat 04 Mar 2023 07:46:00 +0000
ROA not before: Sat 04 Mar 2023 07:46:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 139660
IP address blocks: 89.33.14.0/24 maxlen: 24
103.205.26.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ab:95:b6:27:1a:d0:ec:75:41:e4:ac:7c:5e:c4:ee:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Mar 4 07:46:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7d09f3f9d7f59c8ea714efc2ae87dcdbe3d4b7ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:06:7e:61:28:f3:56:88:de:61:24:01:e7:35:
d5:9b:42:2a:3f:03:ef:69:a9:78:6c:cc:44:0c:17:
cb:02:03:3f:77:0b:88:f9:ba:0d:dc:4d:1b:f3:f3:
2d:3d:90:97:64:d1:eb:bd:79:2d:63:e7:42:ac:fe:
13:6e:4b:f7:1c:9d:a8:76:c0:97:17:41:de:f0:40:
11:fb:6d:d3:3b:a4:7a:ca:8e:77:4d:3f:27:24:06:
ee:46:23:c6:79:bc:f9:30:b2:a6:96:55:eb:90:c4:
d1:df:28:23:f8:f9:7d:7a:94:aa:ea:d6:1a:14:cb:
b0:a4:08:af:a9:ca:f0:5b:f7:bf:6e:87:28:65:b7:
6b:db:1f:f2:c9:1f:6b:7f:fb:68:3a:e2:04:06:54:
2a:e7:88:db:4e:4e:be:a4:a5:d8:9e:ce:59:16:f3:
51:30:28:1a:b6:1d:82:62:6b:2a:8b:46:bf:65:09:
62:58:ef:d1:0d:74:de:af:47:c9:67:60:4b:6f:e4:
c1:7c:08:d5:b5:38:de:96:3e:c7:07:5a:5d:f0:00:
91:d5:8f:32:94:0d:e1:24:9a:1c:27:13:f6:88:53:
49:73:65:d9:54:df:a6:06:5a:6f:73:35:74:dc:42:
2e:91:23:d0:13:71:d9:4a:1c:a4:78:67:d3:f8:51:
d5:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:09:F3:F9:D7:F5:9C:8E:A7:14:EF:C2:AE:87:DC:DB:E3:D4:B7:AD
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/fQnz-df1nI6nFO_Crofc2-PUt60.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.33.14.0/24
103.205.26.0/24
Signature Algorithm: sha256WithRSAEncryption
77:be:37:37:79:cb:f5:76:dc:2e:7e:4e:dd:15:6c:89:99:b1:
b3:c1:fb:b1:8d:d9:8c:93:2a:2b:93:4c:47:4a:50:a1:a1:9d:
9f:4e:62:1d:ce:69:29:79:f2:51:6f:51:dd:0c:9a:de:2f:23:
d6:c6:f8:87:0a:8c:94:3b:af:ec:04:1d:74:4a:e6:41:18:4b:
7e:e9:6a:f2:e4:db:c7:5c:28:41:c3:ce:b1:31:ba:f6:ab:41:
9b:f6:57:ce:b0:f5:c9:d6:72:f6:96:5a:e6:02:d4:43:db:13:
7a:e5:f2:cc:8a:51:91:a6:f2:87:ee:2e:25:1f:d8:01:c1:54:
da:d1:1e:43:e4:c1:7c:b9:85:bb:de:91:ac:68:01:24:fc:bc:
ba:2e:93:43:47:90:28:87:93:e1:8b:c2:b8:69:a9:5a:44:15:
f7:8c:3d:c5:a4:23:44:bf:0b:42:fb:8c:c7:e1:70:6d:49:7e:
de:2a:25:6d:bb:35:e5:4a:48:b3:8f:88:5c:a8:75:f2:a1:57:
63:7b:d3:24:a5:63:1d:9b:5d:8e:c3:da:77:e1:ae:49:a7:e2:
1e:85:da:ce:db:77:fe:92:a5:92:25:cb:37:f8:b9:67:07:61:
06:f0:b9:6b:26:a6:34:c5:52:80:b4:26:3b:5d:d3:6b:f9:29:
f0:4f:56:0e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYarlbYnGtDsdUHkrHxexO7mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMzA0MDc0NjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDA5ZjNmOWQ3ZjU5YzhlYTcxNGVmYzJhZTg3ZGNkYmUzZDRiN2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAZ+YSjzVojeYSQB5zXVm0IqPwPv
aal4bMxEDBfLAgM/dwuI+boN3E0b8/MtPZCXZNHrvXktY+dCrP4Tbkv3HJ2odsCX
F0He8EAR+23TO6R6yo53TT8nJAbuRiPGebz5MLKmllXrkMTR3ygj+Pl9epSq6tYa
FMuwpAivqcrwW/e/bocoZbdr2x/yyR9rf/toOuIEBlQq54jbTk6+pKXYns5ZFvNR
MCgath2CYmsqi0a/ZQliWO/RDXTer0fJZ2BLb+TBfAjVtTjelj7HB1pd8ACR1Y8y
lA3hJJocJxP2iFNJc2XZVN+mBlpvczV03EIukSPQE3HZShykeGfT+FHVNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH0J8/nX9ZyOpxTvwq6H3Nvj1LetMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvZlFuei1kZjFuSTZuRk9fQ3JvZmMyLVBVdDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWSEOAwQA
Z80aMA0GCSqGSIb3DQEBCwUAA4IBAQB3vjc3ecv1dtwufk7dFWyJmbGzwfuxjdmM
kyork0xHSlChoZ2fTmIdzmkpefJRb1HdDJreLyPWxviHCoyUO6/sBB10SuZBGEt+
6Wry5NvHXChBw86xMbr2q0Gb9lfOsPXJ1nL2llrmAtRD2xN65fLMilGRpvKH7i4l
H9gBwVTa0R5D5MF8uYW73pGsaAEk/Ly6LpNDR5Aoh5Phi8K4aalaRBX3jD3FpCNE
vwtC+4zH4XBtSX7eKiVtuzXlSkizj4hcqHXyoVdje9MkpWMdm12Ow9p34a5Jp+Ie
hdrO23f+kqWSJcs3+LlnB2EG8LlrJqY0xVKAtCY7XdNr+SnwT1YO
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:12 2024 by rpki-client on console-ams.rpki-client.org